I know a membership website which is getting quite popular among people day by day. Now I see people are making more than one accounts by using proxies. They should allow multiple accounts from the same person(As they have no Terms of Service against it.) and it should be ethical to create as much accounts a person wants. But they are blocking the accounts without giving a reason. So people use proxies. Now I wanted to know if there is a way the website can check if a person is using a proxy or not and also can they get his original ip?

Note:

I understand someone with authority can track an ip even if he uses a proxy as the proxy servers keep a record of the real ip but the question is for a normal website which does not have this significant authority.

2 Answers
2

It depends somewhat on the proxy. Some proxies will provide a X-Forwarded-For header which provides the IP address of the system that made the request via the proxy.

Other proxies, especially those that specifically offer anonymous browsing are unlikely to provide any direct information about the source of the request.

Beyond that basic point, there's a number of potential means that the site could use to determine users who are creating multiple accounts. Whether they would largely depends on the type of site and how keen they are to prevent it. Some options would be

Browser Fingerprinting. Essentially the specific combination of version information visible to the server can sometimes be used to identify specific users.

Rich clients. If the site downloads something like a Java applet they could use that to try and determine the Internet IP address of the user.

Of course all this depends on how they're preventing a user having multiple accounts. From what you're saying they're basing it on source IP address, which is not a great solution as a lot of users use proxies in the general run of things (eg, browsing from a company network), so it would fail for them.